crypto hot topic

Document Sample
crypto hot topic Powered By Docstoc
					HOT TOPIC: Considerations Relating to Strong Cryptography

Disclaimer: Cryptography law is a particularly complex and evolving area topic. The following general
summary is not meant as legal advice. For legal advice, we urge you to consult a suitably trained attorney.

Introduction:

1. Encryption Plays An Essential Role In Securing The Internet: Encryption is a critical technology
underpinning our current computer and network security. For example, SSL/TLS ("https") protects online
credit card purchases. Whole disk encryption helps protect sensitive personally identifiable information
(PII) stored on lost or stolen laptops. Pretty Good Privacy (PGP) or GNU Privacy Guard (GPG) helps to
safeguard email between journalists and sources (such as whistleblowers), and also gets routinely used to
secure the communications of peaceful religious/political dissidents.

2. Encryption And U.S. National Security: At the same time, bad people (including spies, terrorists,
organized crime members, drug kingpins, pedophiles and other criminals) also value encryption, seeing it
as a way to avoid being held accountable for their crimes. This ugly reality makes law enforcement and
national security agencies worry that encryption will be abused in ways that will interfere with their
ability to lawfully intercept targeted network traffic, or that encryption will interfere with their ability to
collect digital forensic evidence in conjunction with a lawful search warrant.

3. Encryption Technologies and Export Controls: To minimize some of those issues, strong cryptography
products are subject to export control regimes. While export controls cannot protect against all misuse of
strong encryption, export controls at least make it harder for oppressive regimes and terrorist-supporting
nation to evade international monitoring. Therefore, strong cryptography products generally may not be
exported to Burma, Cuba, Iran, North Korea, Sudan, Syria or any other country designated as being
ineligible to lawfully receive strong cryptography. Specific companies and individuals are also denied
access to strong cryptography; see the list of specially designated nationals and other denied persons at
http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm

4. "Deemed Export:" Normally, when we think about "exporting" something, we think about shipping a
product outside the United States. However, when it comes to strong cryptography, the so-called "deemed
export" rule means that simply allowing a foreign person to access strong cryptography will be "deemed"
by the U.S. government to have been an "exportation" even if nothing has physically left the U.S. For
more on the "deemed export" rule, see http://www.bis.doc.gov/deemedexports/deemedexportsfaqs.html

5. Training Forbidden To Certain Classes of Individuals: You should also know that federal law prohibits
providing training (including training on strong cryptography) to terrorists, drug traffickers, and those
directly or indirectly involved in the design, development, fabrication or use of weapons of mass
destruction (including improvised explosive devices, nuclear, chemical, biological, or radiological weapons,
and missile technology, see 18 USC Chapter 113B).

6. Travel With Strong Cryptography: Many faculty, staff and students in higher education routinely travel
abroad. When doing so, they may take a computer or other device with them, and that computer or other
device may include strong cryptography. While strong cryptography may be critical to protecting your
privacy and any PII data you may have on your system while travelling, take care to ensure that strong
cryptography isn't accidentally exported in violation of federal law. Users are also reminded that not all
countries permit personal use of strong encryption, and anyone doing so in a country where encryption is
forbidden may be subject to sanctions, including detention or expulsion as a "spy," imprisonment, fines, or
seizure of any computer that may have been being used. Travelers entering America should also be aware
that border control agents have substantial discretion when it comes to inspecting systems at the United
States border. Travelers may wish to review "Defending Privacy at the U.S. Border: A Guide for Travelers
Carrying Digital Devices," https://www.eff.org/sites/default/files/EFF-border-search_2.pdf

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:4
posted:8/8/2012
language:
pages:1